Featured at Government Cybersecurity Conference
Atlanta, GA (Thursday, 23 August 2012) – Government interest in open source software continues to gain momentum. One example is the open source Suricata Intrusion Detection System (IDS) which is featured at this week's Government Forum of Incident Response and Security Teams (GFIRST) Conference held in Atlanta.
GFIRST is a public-private group of technical and tactical cybersecurity practitioners from incident and security response teams responsible for securing government information technology systems and providing private sector support. Conference attendees represent a full range of Federal, State and local government agencies including defense, civilian, intelligence and law enforcement.
Only a few years ago, many people argued that open source software was not secure enough to be considered as a key part of enterprise systems. However, the explosive growth of open source adoption throughout commercial and government technology systems has diminished that concern. Much of the software used to create the Internet is, in fact, open source, as is much of the software that runs mission critical systems within global financial markets where reliable security is essential.
Besides security, open source software can provide economic incentives, as there are no license fees associated with the software. Rights to modify and distribute the code are granted to users through open source license agreements and provide great flexibility for application use within large systems, such as government IT environments.
These potential benefits of open source solutions have not gone unnoticed by government agencies. The initial funding for the development of the Suricata project was provided by the U.S. Department of Homeland Security, Science and Technology Directorate through the Homeland Open Security Technology (HOST) program. (http://www.cyber.st.dhs.gov/host/)
“The goal of Suricata is to provide a scalable, enterprise-ready IDS engine that enables government and private security experts to share ideas and capabilities in an open and safe framework,” said Matthew Jonkman, president of the Open Information Security Foundation (OISF) board of directors.
OISF is the non-profit foundation established to coordinate development activities and maintain the Suricata code base, copyrights and license agreements. Access and rights to use and modify Suricata are guaranteed. This enables public and private organizations to feel more confident in contributing technology under a framework that prevents one-sided commercialization.
Suricata is licensed as an open source software application, which means the program is available at no additional cost to government, commercial and private adopters. In addition, the open source software license grants users the right to freely modify or customize the source code to fix bugs or meet their specific program needs. Users also have the right to share or distribute the program without paying license fees or seeking permission from the copyright holders.
From the technical perspective, Suricata is an open source, high-speed, multi-threaded IDS engine. An IDS inspects network traffic and raises an alert when it sees a pattern that matches a known attack or policy violation, such as an exploit payload inside a request or a callback to a known malware host. Suricata's multi-threaded architecture takes advantage of multi-core and multi-processor systems: the work of decoding packets, reassembling streams and matching them against rules is divided among threads so that all of a single server's cores are kept busy. This lets Suricata analyze large volumes of traffic against a large rule set and apply more computing horsepower to inspection. The result is a more effective, efficient high-speed IDS for civilian and military branches of government.
“To achieve the same speeds as Suricata, you may have to run multiple instances of other engines, each seeing its own traffic,” said Jonkman. “Running multiple versions of an IDS this way is not ideal. It creates potential for evasion and reduces visibility of the big picture.”
Suricata’s automatic protocol recognition feature is another advantage for government users. Rather than assuming that whatever arrives on port 80 is HTTP, Suricata identifies the application protocol from the content of the stream itself, regardless of port, and then applies that protocol's signatures to the stream, whether the traffic is HTTP, FTP or e-mail. A signature written for HTTP therefore still fires when a web server listens on 8080 or 8888, which closes off a simple evasion. It also spares the engine from trying every protocol's rules against every stream, saving the computing power and time that port-agnostic inspection would otherwise cost.
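The following is an added illustration of what port-independent protocol recognition buys; it is example code written for this page, not Suricata's own code. The payload heuristics, the three signatures (with locally numbered sids), and the sample flows are all constructed and deliberately simplified. It classifies each flow twice, once by destination port and once by payload, and shows which signatures fire under each approach:

```python
"""Toy port-independent application-layer protocol detection (added example).

Suricata's real app-layer parsers are far more thorough; this only shows the
idea: decide the protocol from the first client bytes of a stream, then apply
only that protocol's signatures, whatever TCP port the stream uses.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first client-to-server bytes of the stream (constructed)


# Port-based classification: the approach protocol recognition replaces.
PORT_MAP = {21: "ftp", 25: "smtp", 80: "http", 443: "tls"}


def protocol_by_port(flow: Flow) -> str:
    return PORT_MAP.get(flow.dst_port, "unknown")


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def protocol_by_payload(flow: Flow) -> str:
    """Probe the leading bytes of the stream; hypothetical, simplified heuristics."""
    p = flow.payload
    if p.startswith(HTTP_METHODS) and b" HTTP/1." in p.split(b"\r\n", 1)[0]:
        return "http"
    # TLS record: content type 22 (handshake), record version 3.x.
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04:
        return "tls"
    if p.upper().startswith((b"USER ", b"PASS ")):
        return "ftp"
    if p.upper().startswith((b"EHLO ", b"HELO ", b"MAIL FROM:")):
        return "smtp"
    return "unknown"


# Protocol-specific signatures: (sid, message, pattern). Sids are made up,
# chosen above 1000000 as local rules conventionally are.
SIGNATURES = {
    "http": [(1000001, "HTTP path traversal attempt", re.compile(rb"(\.\./){2,}"))],
    "ftp": [(1000002, "FTP anonymous login", re.compile(rb"^USER\s+anonymous\b", re.I | re.M))],
    "smtp": [(1000003, "SMTP VRFY user enumeration", re.compile(rb"^VRFY\s", re.I | re.M))],
    "tls": [],
}


def inspect(flow: Flow, classify) -> list:
    """Run only the signatures that belong to the protocol `classify` picks."""
    proto = classify(flow)
    return [(sid, msg) for sid, msg, rx in SIGNATURES.get(proto, []) if rx.search(flow.payload)]


# Constructed sample traffic.
SAMPLE_FLOWS = [
    # HTTP on its standard port: both approaches agree.
    Flow(80, b"GET /../../../../etc/passwd HTTP/1.1\r\nHost: a\r\n\r\n"),
    # Same request to a web server on 8080: the port lookup never applies the
    # HTTP signature; payload detection still catches it.
    Flow(8080, b"GET /../../../../etc/passwd HTTP/1.1\r\nHost: a\r\n\r\n"),
    # FTP on a non-standard port.
    Flow(2121, b"USER anonymous\r\nPASS guest@\r\n"),
    # SMTP client traffic sent to port 80: port-based inspection runs the
    # wrong rule set and misses the VRFY probe.
    Flow(80, b"EHLO mail.example\r\nVRFY root\r\n"),
    # TLS ClientHello on 8443: no signatures, but correctly classified.
    Flow(8443, bytes.fromhex("160301") + b"\x00\x2d\x01" + b"\x00" * 44),
]


def run(flows=SAMPLE_FLOWS) -> list:
    """Per flow: (protocol, alerts) under port-based and payload-based detection."""
    return [
        {
            "port": f.dst_port,
            "by_port": (protocol_by_port(f), inspect(f, protocol_by_port)),
            "by_payload": (protocol_by_payload(f), inspect(f, protocol_by_payload)),
        }
        for f in flows
    ]


if __name__ == "__main__":
    for r in run():
        print(r)
```

Only the first flow is handled identically by both approaches; for the other four the port-based classifier either applies no rules at all or the wrong protocol's rules, which is exactly the visibility gap that moving a service to a non-standard port exploits.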
Suricata will soon also perform native IP reputation filtering to flag traffic from sources known to be malicious. “IP and DNS reputation filtering go a long way in eliminating the false positives and false negatives typical with many current IDS systems,” said Jonkman. “This is another example of the open source community working together to solve nagging problems with IDS engines that have been around for years.”
While Suricata was written from the ground up, it does use a signature syntax similar to other IDS engines. This ensures that security experts still benefit from a decade’s worth of IDS signature development and don’t have to learn a new language to participate. Suricata and the OISF consortium welcome code contributions from the private sector as well, and Suricata’s license accepts the idea of proprietary, commercial offshoots.
Since its launch in 2010, the Suricata project has gained enough attention that large government service providers, such as BAE Systems, have adopted Suricata as part of their product and service offerings to government clients. BAE Systems recently announced that it had become a corporate sponsor of the OISF and will support the development community by contributing code modifications back to the community of Suricata developers for inclusion into the main program.
“BAE Systems will be contributing our own intellectual property as a part of a partnership with the Open Information Security Foundation,” said Chad Quill, Business Manager for BAE Systems ITCS business. “When integrated, our software will better position a security operation to focus valuable human resources on the most urgent network issues and further reduce risk to the enterprise.”
This collaborative development and support environment is exactly what the OISF set out to do, said Jonkman.
“Suricata does not aim to replace other existing engines,” said Jonkman. “However, the collaborative, open source development model helps to drive innovation by providing access to the technology and enabling users to address the needs of their particular environment. The open nature also prevents any one entity from dominating development direction or from limiting access to features that can benefit all users.”
"We believe strong partnerships between government, industry and the open source community are drivers for the best overall network security solutions," said Jonkman. “By sharing what they know about intrusion detection in a common community infrastructure, civilian, military and commercial security experts can use the Suricata process to make the Web safer for everyone.”
The Suricata IDS is freely available for download through the OISF website: http://www.openinfosecfoundation.org/index.php/downloads
About Open Information Security Foundation
The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.
Additional information available at: http://openinfosecfoundation.org
John Weathersby is the founder and executive director of the Open Technology Center at Camp Shelby Joint Forces Training Center.
The Open Technology Center (OTC) is a non-profit, research and development entity sponsored by the U.S. Department of Homeland Security and hosted by the Mississippi National Guard whose mission is to innovate and integrate open source software technologies for use within national defense and security organizations.